return -1;
}
- if (!s->read_ahead)
+ /* We always act like read_ahead is set for DTLS */
+ if (!s->read_ahead && !SSL_IS_DTLS(s))
/* ignore max parameter */
max = n;
else {
ssl_minor = *(p++);
version = (ssl_major << 8) | ssl_minor;
n2s(p, rr->length);
-#if 0
- fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
-#endif
/* Lets check version */
if (!s->first_packet) {
}
goto again;
}
-#if 0
- fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type,
- rr->length);
-#endif
return (1);
packlen *= 4;
wb->buf = OPENSSL_malloc(packlen);
+ if(!wb->buf) {
+ SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
wb->len = packlen;
} else if (tot == len) { /* done? */
OPENSSL_free(wb->buf); /* free jumbo buffer */
if ((sess == NULL) ||
(s->enc_write_ctx == NULL) ||
(EVP_MD_CTX_md(s->write_hash) == NULL)) {
-#if 1
clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
-#else
- clear = 1;
-#endif
mac_size = 0;
} else {
mac_size = EVP_MD_CTX_size(s->write_hash);
goto err;
}
-#if 0 && !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
- if (type == SSL3_RT_APPLICATION_DATA && s->compress == NULL &&
- !SSL_USE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
- EVP_CIPHER_flags(s->enc_write_ctx->cipher) &
- EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)
- do {
- unsigned char aad[13];
- EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param =
- { NULL, aad, sizeof(aad), 0 };
- int packlen;
-
- memcpy(aad, s->s3->write_sequence, 8);
- aad[8] = type;
- aad[9] = (unsigned char)(s->version >> 8);
- aad[10] = (unsigned char)(s->version);
- aad[11] = (unsigned char)(len >> 8);
- aad[12] = (unsigned char)len;
- packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
- EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
- sizeof(mb_param), &mb_param);
-
- if (packlen == 0 || packlen > wb->len)
- break;
-
- mb_param.out = wb->buf;
- mb_param.inp = buf;
- mb_param.len = len;
- EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
- EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
- sizeof(mb_param), &mb_param);
-
- s->s3->write_sequence[7] += mb_param.interleave;
- if (s->s3->write_sequence[7] < mb_param.interleave) {
- int j = 6;
- while (j >= 0 && (++s->s3->write_sequence[j--]) == 0) ;
- }
-
- wb->offset = 0;
- wb->left = packlen;
-
- /*
- * memorize arguments so that ssl3_write_pending can detect bad
- * write retries later
- */
- s->s3->wpend_tot = len;
- s->s3->wpend_buf = buf;
- s->s3->wpend_type = type;
- s->s3->wpend_ret = len;
-
- /* we now just need to write the buffer */
- return ssl3_write_pending(s, type, buf, len);
- } while (0);
-#endif
-
/*
* 'create_empty_fragment' is true only when this function calls itself
*/
if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) {
if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
-#if 0 /* worked only because C operator preferences
- * are not as expected (and because this is
- * not really needed for clients except for
- * detecting protocol violations): */
- s->state = SSL_ST_BEFORE | (s->server)
- ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#else
s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
s->renegotiate = 1;
s->new_session = 1;
}
switch (rr->type) {
default:
-#ifndef OPENSSL_NO_TLS
/*
* TLS up to v1.1 just ignores unknown message types: TLS v1.2 give
* an unexpected message alert.
rr->length = 0;
goto start;
}
-#endif
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
goto f_err;